Some are managing separate silos of access for individual servers and applications, others are in deploying provisioning systems, and others have mature provisioning and directory infrastructures.

A common topic of discussion is when in the process can they start using identity and access intelligence as a service. Can a IAI service enable compliance even before they have implemented MS-AD or another directory product? Is a provisioning system a requirement? What if the access rights are full of problematic rights?

In response, I recently created a 3 part quiz to help companies measure their readiness for identity and access intelligence as a service. Although it is slightly tongue-in-cheek, here it is, enjoy:

Wednesday, March 10, 2010

Gartner predicts the Identity and Access Management (IAM) market will grow to $11.9 billion by the end of 2013.

This builds on the Gartner prediction that IAM revenue will reach $9.9 billion in 2010, an 8 per cent increase from 2009 revenue of $9.2 billion.

"IAM technology is a critical component of enterprises' security strategies, and Gartner clients have indicated that approximately 8 per cent of their security budgets are dedicated to IAM." - Ruggero Contu, principal research analyst at Gartner

This continues a regulatory focus on IAI seen last year when FINRA's 2009 letter stated:

"Insider threats remain an elevated risk, especially during this time of corporate downsizing in response to current economic conditions. FINRA has seen several high-profile problems result from poor IT account management within the employee ranks. Systems that are used to control employee activities and provide a check and balance should be reviewed to ensure that only currently authorized personnel are granted access to these systems. The same holds true for other systems, such as trading systems that can be used to commit firms to a trade or contract. Weaknesses in these controls can be costly and can significantly damage a firm’s business and/or reputation."